From: Eugene Teo <eteo@redhat.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, Marcel Holtmann <holtmann@redhat.com>
Subject: [PATCH] Require mmap handler for a.out executables (was Re: 2.6.18-rc2-mm1)
Date: Thu, 27 Jul 2006 18:27:24 +0800
Message-ID: <44C8950C.3080609@redhat.com>
In-Reply-To: <20060727015639.9c89db57.akpm@osdl.org>

Hi Andrew,

Andrew Morton wrote:
[snipped]
> - Lots of random patches.  Many of them are bugfixes and I shall, as usual,
>   go through them all identifying 2.6.18 material.  But I can miss things, so
>   please don't be afraid to point 2.6.18 candidates out to me.
[snipped]

The following patch provides better protection against people exploiting stuff
in /proc and I hope you consider it for upstream inclusion.

Thanks.

Eugene

[PATCH] Require mmap handler for a.out executables

Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable
of meeting the validity checks in ELF load_elf_*() handling because they
have no mmap handler which is required by ELF. In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.

Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

---
commit 1597cf8405734e4747c808bb7e04115a6670dccf
tree 49050549aee6406dab0c021c5aa4e9bfc337bd8f
parent 44eb123126d289bac398cac0232309c228386671
author Marcel Holtmann <marcel@holtmann.org> Wed, 26 Jul 2006 12:12:14 +0200
committer Marcel Holtmann <marcel@holtmann.org> Wed, 26 Jul 2006 12:12:14 +0200

 fs/binfmt_aout.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index f312103..5638acf 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -278,6 +278,9 @@ static int load_aout_binary(struct linux
 		return -ENOEXEC;
 	}

+	if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+		return -ENOEXEC;
+
 	fd_offset = N_TXTOFF(ex);

 	/* Check initial limits. This avoids letting people circumvent
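
Review bot: The new test in load_aout_binary() carries no comment, so the reason an a.out loader insists on ->mmap is recorded only in the commit message. A short comment above "if (!bprm->file->f_op || !bprm->file->f_op->mmap)" stating that files without an mmap handler, such as those under /proc/<pid>/, must not be loadable would save later readers a trip through the history. The placement itself looks right: it sits directly after the existing header check that returns -ENOEXEC and before fd_offset is derived from the header, and it returns the same error code as that check.
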
@@ -476,6 +479,9 @@ static int load_aout_library(struct file
 		goto out;
 	}

+	if (!file->f_op || !file->f_op->mmap)
+		goto out;
+
 	if (N_FLAGS(ex))
 		goto out;

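Review bot: The test added to load_aout_library() leaves through a bare "goto out", so the value handed back to the caller depends on what the return variable holds at that point, and its assignment is not visible in this hunk. The neighbouring checks use the same bare "goto out", so this is probably consistent, but please confirm the error is still -ENOEXEC here or set it explicitly before the jump, to match the explicit "return -ENOEXEC" used in load_aout_binary(). The same two-part f_op / f_op->mmap condition now appears in both loaders; a small static helper in fs/binfmt_aout.c would keep the two copies from drifting apart.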

-- 
eteo redhat.com  ph: +65 6490 4142  http://www.kernel.org/~eugeneteo
gpg fingerprint:  47B9 90F6 AE4A 9C51 37E0  D6E1 EA84 C6A2 58DF 8823
